TL;DR: we have no plans for anonymous HTTPS by default, but will
eventually default to HTTPS for logged-in users.
1. It would require an ssl terminator on every frontend cache. The ssl
terminators eat memory, which is also what the frontend caches do.
2. HTTPS dramatically increases latency, which would be kind of
painful for mobile.
3. Some countries may completely block HTTPS, but allow HTTP to our
sites so that they can track users. Is it better for us to provide
them content, or protect their privacy?
4. It's still possible for governments to see that people are going to
wikimedia sites when using HTTPS, so it's still possible to oppress
people for trying to visit sites that are disallowed.
On Sun, Apr 1, 2012 at 7:06 PM, David Gerard <dgerard(a)gmail.com> wrote:
Lots of monitoring going into place:
https://en.wikipedia.org/wiki/Wikipedia:List_of_articles_censored_in_Saudi_…
http://www.bbc.co.uk/news/uk-politics-17576745
What are the current technical barriers to redirection to https by default?
- d.
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l